use of org.keycloak.authorization.client.resource.ProtectionResource in project keycloak by keycloak.
the class KeycloakAdapterPolicyEnforcer method getPermissionTicket.
/**
 * Asks the authorization server's protection API for a permission ticket covering the
 * resource and scopes of the request being enforced.
 *
 * <p>A ticket is only requested when the enforcer configuration has a user-managed-access
 * section; otherwise the method does nothing and returns {@code null}.
 *
 * @param pathConfig   path configuration whose id is sent as the resource id
 * @param methodConfig method configuration whose scopes are sent as the requested scopes
 * @param authzClient  client used to reach the protection API
 * @param httpFacade   current request/response facade, passed to {@code resolveClaims}
 * @return the ticket returned by the server, or {@code null} when user-managed access is
 *         not configured
 */
private String getPermissionTicket(PathConfig pathConfig, PolicyEnforcerConfig.MethodConfig methodConfig, AuthzClient authzClient, OIDCHttpFacade httpFacade) {
    // Guard: without a user-managed-access section there is no ticket flow to start.
    if (getEnforcerConfig().getUserManagedAccess() == null) {
        return null;
    }

    ProtectionResource protectionApi = authzClient.protection();
    PermissionResource ticketEndpoint = protectionApi.permission();

    PermissionRequest ticketRequest = new PermissionRequest();
    ticketRequest.setResourceId(pathConfig.getId());
    // Copy into a fresh set so the request does not share the config's collection.
    // assumes methodConfig.getScopes() is never null (HashSet's copy constructor would throw) — TODO confirm
    ticketRequest.setScopes(new HashSet<>(methodConfig.getScopes()));

    // NOTE(review): these claims are produced by resolveClaims(pathConfig, httpFacade), so they are
    // presumably derived from the incoming request. Policies that evaluate them should treat the
    // values as caller-influenced input — confirm against resolveClaims and the claim configuration.
    Map<String, List<String>> pushedClaims = resolveClaims(pathConfig, httpFacade);
    if (!pushedClaims.isEmpty()) {
        ticketRequest.setClaims(pushedClaims);
    }

    return ticketEndpoint.create(ticketRequest).getTicket();
}
use of org.keycloak.authorization.client.resource.ProtectionResource in project keycloak by keycloak.
the class AuthzClientCredentialsTest method testReusingAccessAndRefreshTokens.
/**
 * Checks that using the protection API twice through the same {@code AuthzClient} leaves the
 * resource server with the expected number of user sessions both times.
 *
 * <p>The session count is read through the admin client before any protection call (must be 0),
 * after the first call, and again after a two-second pause and a second call.
 *
 * @param expectedUserSessionsCount number of user sessions the resource server client is
 *                                  expected to have after each protection API call
 * @throws Exception if the pause is interrupted or any client call fails
 */
private void testReusingAccessAndRefreshTokens(int expectedUserSessionsCount) throws Exception {
    ClientsResource realmClients = getAdminClient().realm("authz-test-session").clients();
    ClientRepresentation resourceServer = realmClients.findByClientId("resource-server-test").get(0);

    // Baseline: nothing has authenticated as the resource server yet.
    List<UserSessionRepresentation> sessions = realmClients.get(resourceServer.getId()).getUserSessions(-1, -1);
    assertEquals(0, sessions.size());

    AuthzClient authzClient = getAuthzClient("default-session-keycloak.json");

    // First use of the protection API.
    ProtectionResource firstUse = authzClient.protection();
    firstUse.resource().findByName("Default Resource");
    sessions = realmClients.get(resourceServer.getId()).getUserSessions(null, null);
    assertEquals(expectedUserSessionsCount, sessions.size());

    // NOTE(review): the pause presumably lets the first access token age so the second call has to
    // reuse or refresh it — confirm against the token lifespan configured for this realm.
    Thread.sleep(2000);

    // Second use through the same AuthzClient: the session count must not have changed,
    // i.e. the second call did not leave an additional user session behind.
    ProtectionResource secondUse = authzClient.protection();
    secondUse.resource().findByName("Default Resource");
    sessions = realmClients.get(resourceServer.getId()).getUserSessions(null, null);
    assertEquals(expectedUserSessionsCount, sessions.size());
}
use of org.keycloak.authorization.client.resource.ProtectionResource in project keycloak by keycloak.
the class AuthzClientCredentialsTest method testFindByName.
/**
 * Checks that a lookup by name returns the resource with exactly that name.
 *
 * <p>Two resources are created whose names overlap ("Resource" is contained in
 * "Admin Resources"); each lookup must return the matching name and the two results must
 * have different ids, so one name is never resolved to the other resource.
 */
@Test
public void testFindByName() {
    AuthzClient authzClient = getAuthzClient("default-session-keycloak.json");

    ProtectionResource protection = authzClient.protection();
    protection.resource().create(new ResourceRepresentation("Admin Resources"));
    protection.resource().create(new ResourceRepresentation("Resource"));

    // Each lookup goes through a fresh protection() call, as in the creation step above.
    ResourceRepresentation plainMatch = authzClient.protection().resource().findByName("Resource");
    assertEquals("Resource", plainMatch.getName());

    ResourceRepresentation adminMatch = authzClient.protection().resource().findByName("Admin Resources");
    assertEquals("Admin Resources", adminMatch.getName());

    // Distinct ids prove the two names were not resolved to the same resource.
    assertNotEquals(plainMatch.getId(), adminMatch.getId());
}
use of org.keycloak.authorization.client.resource.ProtectionResource in project keycloak by keycloak.
the class UserManagedPermissionServiceTest method testRemovePoliciesOnClientDelete.
/**
 * Sets up an owner-managed resource with a user-managed permission that names the client
 * "client-remove", then hands over to the server-side part of the test.
 *
 * <p>The resource is registered through the resource server's own protection API; the
 * permission is created through a protection API obtained with the owner's ("marta")
 * credentials. The server-side checks live in the static method referenced at the end and are
 * not visible here — presumably they delete the client and verify the permission goes with it,
 * so no policy is left referring to a client that no longer exists.
 */
@Test
public void testRemovePoliciesOnClientDelete() {
    ResourceRepresentation ownedResource = new ResourceRepresentation();
    ownedResource.setName("Resource A");
    ownedResource.setOwnerManagedAccess(true);
    ownedResource.setOwner("marta");
    ownedResource.addScope("Scope A", "Scope B", "Scope C");
    // Keep the returned representation: it carries the id used for the policy endpoint below.
    ownedResource = getAuthzClient().protection().resource().create(ownedResource);

    UmaPermissionRepresentation clientPermission = new UmaPermissionRepresentation();
    clientPermission.setName("Custom User-Managed Permission");
    clientPermission.addClient("client-remove");

    // Policies on the resource are created as its owner, not as the resource server.
    ProtectionResource ownerProtection = getAuthzClient().protection("marta", "password");
    ownerProtection.policy(ownedResource.getId()).create(clientPermission);

    getTestingClient().server().run((RunOnServer) UserManagedPermissionServiceTest::testRemovePoliciesOnClientDelete);
}
use of org.keycloak.authorization.client.resource.ProtectionResource in project keycloak by keycloak.
the class UserManagedPermissionServiceTest method testOnlyResourceOwnerCanManagePolicies.
/**
 * Checks that a user who does not own a resource cannot create a policy for it.
 *
 * <p>A resource owned by "marta" is registered, then a policy creation is attempted through a
 * protection API obtained with "alice"'s credentials. The attempt must fail, and the cause of
 * the failure must carry the server's "Only resource owner can access policies for resource"
 * message.
 */
@Test
public void testOnlyResourceOwnerCanManagePolicies() {
    ResourceRepresentation martaResource = new ResourceRepresentation();
    // Random name so the resource cannot collide with one left by another test.
    martaResource.setName(UUID.randomUUID().toString());
    martaResource.setOwner("marta");
    martaResource.addScope("Scope A", "Scope B", "Scope C");

    ProtectionResource protection = getAuthzClient().protection();
    martaResource = protection.resource().create(martaResource);

    try {
        getAuthzClient().protection("alice", "password").policy(martaResource.getId()).create(new UmaPermissionRepresentation());
        // Reaching this line means the non-owner was allowed to create a policy.
        // fail() raises an AssertionError, which the catch below does not intercept.
        fail("Error expected");
    } catch (Exception denied) {
        // NOTE(review): any exception lands here. If the cause is missing or is not an
        // HttpResponseException, the test still fails, but with a NullPointerException or
        // ClassCastException instead of a message about the authorization check.
        HttpResponseException response = HttpResponseException.class.cast(denied.getCause());
        assertTrue(response.toString().contains("Only resource owner can access policies for resource"));
    }
}